Krebs on Security: Earlier this month, beauty products chain Sally Beauty acknowledged that a hacker break-in compromised fewer than 25,000 customer credit and debit cards. My previous reporting indicated that the true size of the breach was at least ten times larger. While the number of cards known to be compromised so far pales in comparison to the 40 million cards exposed by the breach at some 1,800 Target locations, new analysis suggests that the Sally Beauty breach may have impacted far more stores -- virtually all 2,600+ Sally Beauty locations nationwide.
Graham Cluley: RTF? WTF!
Microsoft hasn't patched against this zero-day vulnerability yet, which is actively exploited by malicious hackers.
Sophos - Naked Security: Last week, SophosLabs alerted us to a Bitcoin phish orchestrated by email.
This week, it's a Bitcoin phish that relies on typosquatting.
Paul Ducklin offers some tips to keep you safe...
CSO Online: Basecamp, a project management application, is the latest victim of an extortion scheme that promises DDoS attacks unless a ransom is paid. The service was down for several hours on Monday as attackers slammed the network with malicious packets.
Krebs on Security: Microsoft warned today that attackers are exploiting a previously unknown security hole in Microsoft Word that can be used to foist malicious code if users open a specially crafted text file, or merely preview the message in Microsoft Outlook.
CSO Online: Over the weekend the Hash reported on a story published by Brian Krebs, and continued to chase open threads, resulting in new information. Here's a recap of the story, including additional commentary in order to address a reader's questions.
CSO Online: The playing field is tilted in favor of our adversaries. To win, we must defend all possible attack vectors, yet our adversaries need only exploit one.
Graham Cluley: For those of us concerned with securing systems and keeping computer data safe, Java has been a nightmare.
It's time for Oracle to get serious about Java security updates.
Learn more in my article on Lumension's Optimal Security blog.
Graham Cluley: If you're a Tumblr user, I would recommend enabling this new security option as soon as possible.
It can help stop hackers taking over your account.
CSO Online: There seems to be a global evolution in security talent worldwide - partly from want and partly from need. The technology, talent and techniques once necessary to support a sound security posture are changing as threats and business needs also change. My most recent trip to Latin America helps amplify these changes.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.